A renowned General Data Protection Regulation (GDPR) expert, Alexander Lana has publicly denounced the unwillingness of federal government-owned institutions to act in consonance with the Nigeria Data Protection Regulation, (NDPR,) saying such conduct exposes the country to risks linked with cyber-attacks.
Lana, who bags over 20 years of experience in Information Technology (IT), said this in Abuja against the backdrop of the recent listing of federal institutions that have tapped into the data protection protocol created by the National Information Technology Development Agency, NITDA.
Lana said it was shocking how prominent federal institutions handling huge amounts of data haven’t complied with the data protection protocol.
The Nigeria Data Protection Regulation was initiated in January 2019 by NITDA, with the agency endorsing more than 60 licensed data compliance organizations to foster government and private institution compliance with the protection rules.
Worried by the absence of some federal institutions on the recently released list, he pointed out that such little compliance can have a negative impact on the realization of digitization gains.
He said: “The recent release of the list of organizations that have complied with the data protection regulation by NITDA on its website is very insightful.
One would have thought that most, if not all, federal government owned-institutions, would have keyed into this critical regulation, considering the large amount of information they control.”
Lana further added that a lot more needs to be done by NITDA to ensure deadline compliance, as well as stringent penalties or even a closure should there be a failure to comply.
His words: “The lack of understanding on the importance of data processing is of serious concern to me. There’s a window of opportunity to correct this now whilst the world is currently under a pandemic.
NITDA must put the tools out for organizations to adhere to and start running multiple training sessions immediately.”
“Is it not worrisome that institutions like the Joint Admission and Matriculation Board, (JAMB), Federal Airports Authority Of Nigeria, (FAAN), Nigeria Universities Commission,(NUC), National Hospital and Federal Medical Centre, Jobberman and the health sector are among others missing from such a list,”
Lana said it is mind-bugging that government-owned institutions seem not to comprehend the depth of risk they expose the nation to by failing to ensure that the huge data in their custody are adequately protected.
He commended the President Muhammadu Buhari-led government for its proactive efforts towards protecting data by initiating the regulation in line with world best practices, adding that We are at a time when the need for data protection isn’t just a luxury but an absolute necessity as many organizations are actively keying into data gathering.
He further stated: “We have never been more vulnerable now than ever before. If data gets into the wrong hands, a lot of damage can be done with it.
Individuals have been destroyed because their data got into the wrong hands not to talk about our reputation globally regarding “419 activities and yahoo boys syndrome”.
We are better than this and we should be doing a lot more in my opinion…
“That is why we are concerned that despite the regulations by NITDA to ensure data is protected, many organizations, especially sensitive Ministries, Department and Agencies, MDAs, who handle sensitive data are yet to undergo the process of ensuring that data under their custody are properly protected in line with the rules.
“We are aware that sanctions were spelled out for defaulting establishments but must we keep waiting until a major crisis happens before those organizations sit up?
I truly believe NITDA should go after these organizations with trained task forces to ensure compliance is taken seriously.
On Nigeria’s data protection readiness, he had this to say: “Nigeria is on track but the gaps are becoming a concern to me.
The data protection regulation by NITDA was fashioned after that of the European Union, EU.
“I will like to see more information out there about data protection and immediate basic measures adopted immediately. I can see the problem ahead now but we can control it if these measures adopted.”
Don’t miss important articles during the week. Subscribe to techbuild weekly digest for updates.